Re[4]: Firewall in an internet-caffe
Hello!
In answer to your letter, I would like to write:
> B. On the FTP/MAIL/WWW server. Not impossible, but risky ... if
> someone uses a weak password and gets his or her account cracked, you
> provide access to all of your external services.
> C. On a different machine.
I'll choose B. C, maybe in the future.
> If you exclude choice C, I certainly think B is better than A ... but not
> offering the service at all is (probably) even better.
It doesn't depend on me.
> 3. As to how to use your 32 addresses ... as I said before, you haven't
> described your LAN in enough detail for me to give you more than some
> preliminary thoughts.
That's because it's so messed up now that I have to do everything from
scratch. OK. I think that there are misunderstandings between us; my
English is not very good, really. For example: do I understand 'router'
correctly? Does 'routing' mean passing through? I'm sure it does (hope
so), but maybe I can't imagine it correctly. I think of it as taking a
request from the inet provider, checking that it's for a.b.c.5:80, but
there is no www service on a.b.c.5, because it's Windows. So I reject
it. But a request from a.b.c.7 is for x.y.z.t:22 (SSH AFAIR). I can pass it
through, because a user can connect to some server with ssh (x.y.z.t is on
the internet somewhere). Is that what routing is for? Please enlighten me,
because I do know a bit, but I don't know what to call it. Sometimes even
writing in Polish some people can't understand me. :-(
> If you want more feedback on that, please describe in
> a bit more detail how you intend to configure the router/firewall. For
> example, you previously said you would give it IP address a.b.c.1. Though
> this usage is common shorthand, it really is inaccurate -- *interfaces* get
> IP addresses, not *hosts*.
What do you mean by 'interface'? (This word has many meanings.)
> A router has (at least) two IP addresses, on two
> different networks. If the router/firewall's *internal* interface is
> a.b.c.1, then what is its external IP address (the one that connects the
> router to the Internet)?
OK. I'll try to explain it as clearly as I can. :-)
Now it's like this:
                                C  C  C
                                |  |  /          C  - computer with windows
+--------+                    /---\-C            S1 - mandrake with www/dns/ftp/mail
|Provider|--------------------|HUB|-C            S2 - mandrake with shell accounts
+--------+       /\           \---/-S1
          (Cable to hub)           \S2
The provider gives me IPs a.b.c.1 up to a.b.c.32 through the cable. The hub
broadcasts a request for a.b.c.X and X (some Mandrake or Windows box) replies
to the request saying "I'm a.b.c.X!". So it gets a connection with the
internet. There are 16 computers with Windows (IPs .16-.32). The rest is
used by S1 and S2, because AFAIR every ftp virtual host needs a separate
IP (there are 3 VirtualHosts now: one for the cafe and two bought by some
companies), because VH by host name is in drafts now and it's not
part of HTTP 1.1 (so says the ProFTPD FAQ).
What I want to do:
                                     [S2]      C  C
                                        \      |  /
+--------+          ............         /---\-C
|Provider|----------: FIREWALL :---------|HUB|-C
+--------+    /\    :..........:         \---/\
       (Cable to Firewall)                     C
S2 - (www/mail/ftp services), on a separate eth (let's say eth1)
C  - Windows (hub connected to, let's say, eth0)
Is this how I should do it? How do I configure FIREWALL? Where should I
put DNS?
> (such as seawall, a Sourceforge project).
What's so special in SourceForge? Almost every project I hear about is
being maintained there.
> Or perhaps not ... your more recent comments indicate a greater
> breadth of knowledge than I inferred from your first message.
I became red reading this ;)
> ------------------------------------"Never tell me the odds!"---
> Ray Olszewski -- Han Solo
'Carrie!' - Luke Skywalker. ;)
Best Regards
IronHand
--
nIck: IronHand of CruX /GCS d-(++) s:- a18 C++ UL++++ P+++ L++@ E\
maIl: { W+++ N+ o? K? w+++ !O M V? PS+ PE- Y PGP- }
ironhand@zsno.ids.czest.pl \t+ 5+ X- R++ tv b+ DI? D+ G++ e- h! r% y-/
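The second drawing above (provider cable into FIREWALL, Windows hub on eth0, S2 with www/mail/ftp on eth1) is the classic three-legged layout, and the question "how do I configure FIREWALL" is what the following script answers for the routing part of the discussion. It is an added example, not code from this message, from Ray's replies or from any project named in the thread. Everything it names is an assumption: iptables rather than the ipchains of the period, eth2 as the interface on the provider cable, and the documentation addresses 192.0.2.16/28 and 192.0.2.0/28 standing in for the thread's a.b.c.16-.32 (Windows) and the remaining a.b.c.X addresses S2 answers on. The box routes the public addresses between its three interfaces (no NAT); the filter is what decides which packets are actually passed through, which is exactly the a.b.c.5:80 versus x.y.z.t:22 distinction asked about above.

```shell
#!/bin/sh
# Added example, not part of the original thread: a minimal stateful
# iptables policy for the proposed layout (provider cable -> FIREWALL,
# Windows hub on eth0, S2 with www/mail/ftp on eth1).
#
# Assumptions (none of these names or addresses come from the thread):
#   EXT_IF  - interface on the provider cable, here eth2
#   LAN_NET - the Windows clients; 192.0.2.16/28 is a constructed stand-in
#             for the thread's a.b.c.16-.32 (documentation range)
#   DMZ_NET - the addresses S2 answers on (one per ftp virtual host);
#             192.0.2.0/28 is a constructed stand-in for the other a.b.c.X
# The public addresses are routed, not NATed: the box forwards between the
# three interfaces and the filter decides which packets may pass.

EXT_IF=${EXT_IF:-eth2}
LAN_IF=${LAN_IF:-eth0}
DMZ_IF=${DMZ_IF:-eth1}
LAN_NET=${LAN_NET:-192.0.2.16/28}
DMZ_NET=${DMZ_NET:-192.0.2.0/28}

# With DRY_RUN set (the default), print the commands instead of running
# them, so the policy can be reviewed on any machine before it touches a
# firewall. Run as DRY_RUN= sh fw.sh (as root) to apply it for real.
DRY_RUN=${DRY_RUN:-1}

ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Start from an empty table with a deny-by-default policy.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, and the return half of conversations already allowed below.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Our own addresses never legitimately arrive from the provider side.
    ipt -A FORWARD -i "$EXT_IF" -s "$LAN_NET" -j DROP
    ipt -A FORWARD -i "$EXT_IF" -s "$DMZ_NET" -j DROP

    # The Windows hub may open connections outward, e.g. ssh to x.y.z.t:22.
    ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$EXT_IF" -j ACCEPT

    # The Internet reaches S2 only on the published services (ftp, smtp, www).
    ipt -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$DMZ_NET" -p tcp \
        -m multiport --dports 21,25,80 -m conntrack --ctstate NEW -j ACCEPT

    # S2 is the exposed box: if an account there is cracked it must not
    # become a stepping stone into the cafe LAN. Outbound it only gets what
    # the services need (DNS lookups, outgoing mail).
    ipt -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP
    ipt -A FORWARD -i "$DMZ_IF" -s "$DMZ_NET" -o "$EXT_IF" -p udp --dport 53 -j ACCEPT
    ipt -A FORWARD -i "$DMZ_IF" -s "$DMZ_NET" -o "$EXT_IF" -p tcp --dport 25 -j ACCEPT

    # Nothing above accepts Internet -> Windows hosts, so a request for
    # a.b.c.5:80 falls through to the DROP policy; log what gets there.
    ipt -A FORWARD -j LOG --log-prefix "fw-forward-drop: "

    # Administer the firewall itself only from the LAN side.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
}

# Number of FORWARD rules the policy emits; a quick sanity check after edits.
count_forward_rules() {
    ( DRY_RUN=1; apply_rules ) | grep -c -- '-A FORWARD '
}

if [ -n "$DRY_RUN" ]; then
    echo "sysctl -w net.ipv4.ip_forward=1"
else
    sysctl -w net.ipv4.ip_forward=1
fi
apply_rules
```

Two things the script relies on but does not set up: the FTP data connections only match ESTABLISHED,RELATED when the ftp connection-tracking helper is loaded, and with public addresses on both sides of the box the provider has to route the whole block to the firewall's external interface (or the firewall has to answer for those addresses with proxy ARP), otherwise the hub-style "I'm a.b.c.X!" replies never reach the provider. DNS for the cafe fits naturally on S2 behind the same ftp/smtp/www rule set, with udp/tcp 53 added to the accepted ports.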